By now, most people have visited a website only to find it shut down, often because the site may have experienced a Distributed Denial of Service (DDoS) attack.
These attacks are happening more frequently than ever, specifically disrupting online services by crashing websites. Typically, hackers leverage computers that are connected to the internet and infected with malware to send massive amounts of requests — hoping to overwhelm and crash a victim’s site. Similar to how Ticketmaster might shut down because millions of fans attempt to nab tickets, a DDoS attack consists of cybercriminals using compromised computers, smart phones, and IoT devices to flood a website with fictitious traffic.
DDoS attacks gain traction
DDoS attacks have been increasing in both frequency and notoriety. A recent report revealed that the first half of 2022 experienced an increase of DDoS attacks by 75.6%, with related amplification attacks increasing by 106.7%. And in October, DDoS attacks against airports crippled flight travel in the U.S. We have also recently witnessed DDoS attacks take out the website for the Metropolitan Opera as well as the FuboTV live stream of the 2022 World Cup.
Just this month, we saw the DOJ apprehend 48 DDoS-for-hire websites. Although these websites-for-hire claim to be a “tester” for an organization’s bandwidth, in reality these services are often used by cybercriminals for payment or even to impact the reputation of opposing political views.
The impact
All of these DDoS attacks have the potential to disrupt not only our entire way of life, but our democracy. Just as the shutdown of airport websites halted air travel, an attack against government/state websites or critical infrastructure could have drastic consequences ranging from disrupting elections to food shortages.
Unfortunately, as organizations become more digital, these types of attacks can become more invasive and can lead to other styles of attacks. For example, social engineering attacks use these news stories to encourage customers to act quickly and avoid such breaches — convincing them to hand over authentication and identity credentials to nefarious threat actors.
This can further lead to the leaking of valuable personal identifiable information (PII). Threat actors can now see information such as trends, patterns and the way a person interacts in social settings — not just the obvious PII, like names and birthdates. This means threat actors can now create almost impossible to identify synthetic identities. Without the proper solutions to detect these fakes, these synthetic identities will severely disrupt people's lives and the way we do business.
Prevention and mitigation
Combining the proper technologies and education before a crisis hits will ultimately ensure organizations are doing everything they can to prevent and prepare for a DDoS attack. Organizations and their cyber teams should look to the following initiatives to stay ahead and mitigate any aftershocks:
- Ensure resilient site infrastructure: Make sure that any site infrastructure is geographically and logically redundant and can dynamically scale to increase, but not break. It’s crucial as hackers look for such tipping points where it becomes too costly for organizations to handle spikes as large as some of these attacks.
- Use advanced identity verification systems: Advanced identity verification systems can also help businesses with detecting when synthetic identities are used to conduct business. Security teams can identify DDoS traffic through the network traffic sent. There are technologies that can help stop that traffic before it impacts the website or application.
- Educate users: Mitigating offshoots of DDoS attacks calls for mechanisms that verify transactions and members of any organization, offering guidance on what could happen in an emergency. This includes explicitly educating users that they will never get asked for authentication credentials for any reason, especially during a hacking event or when the company sites are unavailable.
- Deploy connected authentication and verification devices: Implementing connected authentication and verification devices can help make mitigating subsequent attacks easier. These devices prevent the customer from giving away credentials by leveraging Fast ID Online (FIDO). They can also present the customer with details of the transaction directly on the secure screen of the device, ensuring transaction details come directly from the business and are not manipulated while the transaction is being transmitted back and forth.
Remember, prevention almost always costs less than an actual attack. The average cost of infrastructure failure to businesses is $100,000 per hour. In the case of the Metropolitan Opera, the company reported that during the holiday season, their ticketing systems typically handle about $200,000 in sales each day. With the site down for almost a full week, they resorted to selling $50 general admission tickets instead.
No surprise, it pays to prepare, and if organizations remain unequipped, we will only continue to see an increase in DDoS attacks.
Will LaSala, Field CTO, OneSpan
